public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Jeff Garzik <jgarzik@bitpay.com>
To: Gregory Maxwell <gmaxwell@gmail.com>
Cc: Bitcoin Development <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] PSA: Please sign your git commits
Date: Thu, 22 May 2014 14:06:10 -0400	[thread overview]
Message-ID: <CAJHLa0NNMKW57r2cRsu3a1UFSf5MSp-EWATqf--DKTe-=n26CA@mail.gmail.com> (raw)
In-Reply-To: <CAAS2fgSN00Y2XUqLoft9=Fq1GfWvSYQfXdD=RE8890iOU5asRQ@mail.gmail.com>

Related:  Current multi-sig wallet technology being rolled out now,
with 2FA and other fancy doodads, is now arguably more secure than my
PGP keyring.  My PGP keyring is, to draw an analogy, a non-multisig
wallet (set of keys), with all the associated theft/data
destruction/backup risks.

The more improvements I see in bitcoin wallets, the more antiquated my
PGP keyring appears.  Zero concept of multisig.  The PGP keyring
compromise process is rarely exercised.  2FA is lacking.  At least
offline signing works well. Mostly.



On Wed, May 21, 2014 at 5:02 PM, Gregory Maxwell <gmaxwell@gmail.com> wrote:
> On Wed, May 21, 2014 at 1:30 PM, Mark Friedenbach <mark@monetize.io> wrote:
>> Honest question: what would signed commits do to help us here anyway?
>> What's the problem being solved?
>>
>> Unfortunately git places signatures in the history itself, so it's not
>> like we could use easily use signatures to indicate acceptance after
>> code review, like we could if we were using monotone for example. Git
>> just wasn't designed for a commit-signing workflow.
>
> Just makes it easier to sort out things like your git account (or the
> git site) being compromised and used to submit commits.
>
> ------------------------------------------------------------------------------
> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
> Instantly run your Selenium tests across 300+ browser/OS combos.
> Get unparalleled scalability from the best Selenium testing platform available
> Simple to use. Nothing to install. Get started now for free."
> http://p.sf.net/sfu/SauceLabs
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development



-- 
Jeff Garzik
Bitcoin core developer and open source evangelist
BitPay, Inc.      https://bitpay.com/



  reply	other threads:[~2014-05-22 18:06 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-05-21 12:23 [Bitcoin-development] PSA: Please sign your git commits Wladimir
2014-05-21 16:39 ` Chris Beams
2014-05-21 17:10   ` Wladimir
2014-05-21 20:30     ` Mark Friedenbach
2014-05-21 21:02       ` Gregory Maxwell
2014-05-22 18:06         ` Jeff Garzik [this message]
2014-05-23  0:25           ` Peter Todd
2014-05-23  7:12           ` Wladimir
2014-05-23 16:38             ` Mark Friedenbach
2014-05-23 16:48             ` Kyle Jerviss
2014-05-23 17:32               ` Gregory Maxwell
2014-05-23 10:23     ` Wladimir
2014-06-09 15:34       ` Chris Beams
2014-05-21 20:25   ` David A. Harding
2014-05-22  1:09     ` Chris Beams

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAJHLa0NNMKW57r2cRsu3a1UFSf5MSp-EWATqf--DKTe-=n26CA@mail.gmail.com' \
    --to=jgarzik@bitpay.com \
    --cc=bitcoin-development@lists.sourceforge.net \
    --cc=gmaxwell@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox